The approaches described in this section are approaches that could be pursued, but not necessarily approaches that have been previously conceived or pursued. Therefore, unless otherwise indicated, it should not be assumed that any of the approaches described in this section qualify as prior art merely by virtue of their inclusion in this section.
Online web applications, such as applications that execute at a server computer and are accessed via a web browser over a network, may be vulnerable to fraudsters, hackers, or other wrongdoers. These vulnerabilities may result in theft of the private information of users and use of such information for nefarious purposes. For example, usernames, passwords, credit card numbers, social security numbers, addresses, and other sensitive information may be stolen. The stolen information can be used to make fraudulent purchases, to steal the identity of victims, or to distribute malicious code on the web.
Security researchers have been deployed to investigate online web applications and identify vulnerabilities before they are exploited. In existing environments, security researchers manually generate a report that includes the steps that have been taken to expose a vulnerability and/or to exploit the vulnerability. The report includes a detailed description of the steps taken by the researcher in the online web application and is time-consuming to prepare.
To validate a report of a particular vulnerability, in some approaches, another researcher reviews the report and manually performs the steps detailed in the report. Because another researcher validates the vulnerability, there can be a significant delay between when the report is received and when the vulnerability is validated. Further, because the researcher is validating the report, the researcher is not actively identifying other vulnerabilities, giving wrongdoers a longer window of opportunity to exploit existing, not-yet-detected vulnerabilities.